Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the single line "subscribe" in the body.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• IT experts reported security flaws in pacemakers and defibrillators could be putting lives at risk, stating that many devices are not properly secured and therefore are vulnerable to hackers who may want to commit an act that could lead to multiple deaths, Homeland Security reported November 28. – Homeland Security News Wire

21. November 28, Homeland Security News Wire – (International) Pacemakers, other implanted devices, vulnerable to lethal attacks. IT experts reported security flaws in pacemakers and defibrillators could be putting lives at risk, stating that many devices are not properly secured and therefore are vulnerable to hackers who may want to commit an act that could lead to multiple deaths, Homeland Security reported November 28. The Sydney Morning Herald reported that a famous hacker hacked into a pacemaker in October at the Breakpoint security conference in Melbourne, Australia, and was able to deliver an 830-volt jolt to a pacemaker by logging into it remotely after hacking the device. He, however, did not reveal which models were vulnerable. The hack was possible because many implanted medical devices use wireless technology and authenticate with a name and password that are simply the serial and model number of the device. According to the hacker, most medical devices are designed to be easy to access by a doctor who may need to change something quickly in an emergency. The hacker found secret commands that doctors use to send a “raw packet” of data over the airwaves to find any pacemaker or defibrillator within a specific range and have it respond with its serial and model number. That information allows a hacker to authenticate to a device, receive data and perform commands, meaning they could send a command to jolt the heart through multiple devices and, in some cases, at a range of up to twelve meters. The U.S. Government Accountability Office released a report that highlighted problems with the security of medical devices, and called upon the Food and Drug Administration to ensure devices are secure from these attacks. Source: http://www.homelandsecuritynewswire.com/dr20121128-pacemakers-other-implanted-devices-vulnerable-to-lethal-attacks

• The International Atomic Energy Agency said information stolen from one of its former servers was posted on a hacker Web site November 27, and it was taking “all possible steps” to ensure its computer systems and data were protected. – Reuters

6. November 27, Reuters – (International) U.N. atom agency says stolen information on hacker site. The U.N. nuclear watchdog said information stolen from one of its former servers had been posted on a hacker Web site November 27, and it was taking “all possible steps” to ensure its computer systems and data were protected. The stolen information was contained in a statement by a hacking group. The International Atomic Energy Agency (IAEA) said the theft concerned “some contact details related to experts working” with the Vienna-based agency but it did not say who might have been behind the action. A Western diplomat said the stolen data was not believed to include information related to confidential work carried out by the IAEA. The statement posted under the name “Parastoo” included a large number of email addresses. An IAEA spokeswoman said the agency “deeply regrets this publication of information stolen from an old server that was shut down some time ago”. “The IAEA’s technical and security teams are continuing to analyze the situation and do everything possible to help ensure that no further information is vulnerable,” she said. Source: http://www.reuters.com/article/2012/11/27/net-us-nuclear-iaea-hacking-idUSBRE8AQ0ZY20121127

23. November 27, Associated Press – (Tennessee) 30 Tenn. courthouses receive bomb threats. Authorities said 30 Tennessee counties received false bomb threats to courthouses or other government buildings November 27, forcing evacuations while authorities conducted searches. A Tennessee Department of Safety and Homeland Security spokeswoman said no explosives were found and no arrests were made. A spokesman for the Tennessee Emergency Management Agency said the threats were made in phone calls to county clerk offices. In Memphis, police said an unknown woman called and said she had information that someone was going to blow up three buildings in the city, including the federal building and a post office. Tennessee became the fourth State in November to deal with widespread bomb hoaxes. Oregon, Nebraska, and Washington all had similar threats reported to courthouses. Source: http://www.necn.com/11/27/12/24-Tenn-courthouses-receive-bomb-threats/landing_nation.html?&apID=0892ed08ac484c09b1d222334911679c

• A Texas hotel claimed to have suffered multiple burglaries stemming from flaws in a common type of electronic lock, exploits for which were demonstrated at this year’s Black Hat hacking conference, the Register reported November 27. – The Register

33. November 27, The Register – (Texas) Hotel blames burglaries on hacked Onity card locks. A Texas hotel claimed to have suffered multiple burglaries stemming from flaws in a common type of electronic lock, exploits for which were demonstrated at this year’s Black Hat hacking conference, the Register reported November 27. The Hyatt hotel in Houston’s Galleria complex told Forbes that its guests suffered a string of break-ins in September, and that it identified the hacking of its Onity locks as the method used. The suspect was arrested for the break-ins and has helped the police with their inquiries. The hotel owners said they became aware of the issue with Onity locks in August and were working with the company on a fix when the thefts took place. At the time of the Black Hat presentation, Onity called the hack “unreliable, and complex to implement,” but it appears not too complex for others to imitate. So far Onity has offered two workarounds – covering up the data port with screws that are difficult to remove, or replacing the entire circuit board of the lock, which the manufacturer wants hotels to pay for themselves. Source: http://www.theregister.co.uk/2012/11/27/hotel_onity_locks_hacked/

Details

Banking and Finance Sector

7. November 28, WBBM 2 Chicago – (Illinois) ‘Stringer Bell Bandit’ robs Citibank branch in Loop. Authorities are now linking a bank robbery in Chicago’s Loop area November 26 to the Stringer Bell Bandit, a man who allegedly robbed six other banks in seven attempts since October. The bandit, named after a character from the TV series The Wire, allegedly robbed the Citibank branch at 111 West Jackson Boulevard, according to the FBI’s Bandit Tracker Web site. He allegedly passed a note to the teller demanding cash, then fled on foot. No weapon was displayed. The Stringer Bell bandit allegedly struck the same bank November 13, according to the FBI. Source: http://chicago.cbslocal.com/2012/11/28/stringer-bell-bandit-robs-citibank-branch-in-loop/

8. November 27, IDG News Service – (International) Romanian authorities dismantle cybercrime ring responsible for $25M credit card fraud. Romanian law enforcement authorities dismantled a criminal group that stole credit card data from foreign companies as part of an operation that resulted in fraudulent transactions totaling $25 million, IDG News Service reported November 27. Officers from the country’s organized crime police working with prosecutors from the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) executed 36 search warrants and arrested 16 individuals suspected of being members of the credit card fraud ring. According to DIICOT, the group’s members gained unauthorized access to computer systems belonging to foreign companies that operate gas stations and grocery stores, and installed computer applications designed to intercept credit card transaction data. The applications were configured to store the captured data locally for later retrieval, upload it automatically to external servers, or send it to email addresses controlled by the gang’s members, the agency said. The stolen credit card information was then sold or used to create counterfeit cards. The group opened several IT services companies in Romania and used them for the specific purpose of building and maintaining a computer infrastructure that would support its criminal operation. A spokeswoman confirmed that the companies targeted by the fraud ring were not from Romania, but declined to name them or reveal in which countries they operate because the investigation is ongoing. Source: http://www.computerworld.com/s/article/9234057/Romanian_authorities_dismantle_cybercrime_ring_responsible_for_25M_credit_card_fraud

9. November 27, U.S. Commodity Futures Trading Commission – (Connecticut) CFTC says Connecticut resident ran $5.4M Ponzi scheme. The U.S. Commodity Futures Trading Commission (CFTC) November 27 announced the filing of a civil enforcement action charging a Branford, Connecticut man with operating a commodity pool Ponzi scheme that solicited approximately $5.4 million from at least 50 people to invest in a commodity pool named First Financial, LLC. The man allegedly misappropriated at least $900,000 of pool participants’ funds, using the funds to pay personal expenses and purchase gifts. The CFTC complaint also charges him with failing to register as a Commodity Pool Operator (CPO) of First Financial. According to the complaint, from at least January 2007 and continuing until September 13, 2012, the man, in order to entice prospective participants, guaranteed monthly and yearly returns of 1 percent to 15 percent on investments in the pool. Of the $5.4 million solicited from pool participants, at least $900,000 was misappropriated, approximately $1.32 million was lost trading futures in accounts in the name of First Financial, and $3.17 million was paid out to certain pool participants as fictitious “profits” or returns of principal, according to the complaint. The man allegedly admitted to one pool participant that he was operating a Ponzi scheme. To falsely assure pool participants that their funds were safe in the pool’s trading accounts, he allegedly fabricated trading account statements from First Financial and from futures commission merchants. Source: http://www.futuresmag.com/2012/11/27/cftc-says-connecticut-resident-ran-54m-ponzi-schem?t=managed-funds

Information Technology Sector

26. November 28, Softpedia – (International) Fake Angry Birds Star Wars hides Android trojan. GFI Labs experts have identified an application on a Russian Web site that is promoted as Angry Birds Star Wars, but is actually a piece of malware known as Boxer. Boxer is a threat that has been around for quite some time. It is highly popular among cybercriminals because it helps them make a considerable profit by sending SMSs from the compromised smartphone to premium rate numbers. GFI’s VIPRE Mobile detects the threat as Trojan.AndroidOS.Generic.A. Experts advise users to download Android apps only from trusted locations such as Google Play.

27. November 28, Help Net Security – (International) Malicious ads lead to fake browser updates. StopMalvertising warns of an upswing in the “Your browser is out of date” trick used to infect computers with malware. The scam starts with malicious ads leading to pages that detect which browser the visitor uses and serve a fake notification that the browser needs updating. The landing page was initially located on securebrowserupdate.com, but has since been removed. These served pages have the look and feel of the legitimate browser sites they are trying to impersonate. According to Trend Micro, French, U.S., and Spanish users are among the most targeted/gullible. “Instead of an update, users download a malware detected as JS_DLOADR.AET, which was found capable of changing the downloaded binary to have a different payload,” Trend Micro researchers shared. “The malicious JavaScript, in turn, downloads TROJ_STARTPA.AET and saves it as {Browser Download Path}\install.exe. Based on our initial analysis, the Trojan modifies the user’s Internet Explorer home page to http://{BLOCKED}rtpage.com, a site that may host other malicious files that can further infect a user’s system.” Source: http://www.net-security.org/malware_news.php?id=2337&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader

28. November 27, Help Net Security – (International) Hardcoded account in Samsung printers provides backdoor for attackers. The U.S. Computer Emergency Readiness Team (US-CERT) issued an alert warning users of Samsung printers and some Dell printers manufactured by Samsung about the presence of a hardcoded account that could allow remote attackers to access an affected device with administrative privileges. This privileged access could also be used to change the device configuration, access sensitive information stored on it (credentials, network configuration, etc.), and even to mount additional attacks through arbitrary code execution, US-CERT claims. The hardcoded account is present in all printers released before October 31, 2012. Samsung said that a patch will be pushed out “later this year.” Source: http://www.net-security.org/secworld.php?id=14020&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader

29. November 27, Krebs on Security – (International) Java zero-day exploit on sale for ‘five digits’. Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracle’s Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned. The flaw, currently being sold by an established member of an invite-only Underweb forum, targets an unpatched vulnerability in Java JRE 7 Update 9, the most recent version of Java (the seller says this flaw does not exist in Java 6 or earlier versions). According to the vendor, the weakness resides within the Java class “MidiDevice.Info,” a component of Java that handles audio input and output. “Code execution is very reliable, worked on all 7 version I tested with Firefox and MSIE on Windows 7,” the seller explained in a sales thread on his exploit. It is not clear whether Chrome also is affected. Source: http://krebsonsecurity.com/2012/11/java-zero-day-exploit-on-sale-for-five-digits/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+KrebsOnSecurity+(Krebs+on+Security)&utm_content=Google+Reader

For more stories, see items 6 and 21 above in Top Stories and item 8 above in the Banking and Finance Sector.

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"